CVSS: 6.4EPSS: 0%CPEs: 20EXPL: 1CVE-2022-31160 – jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label
https://notcve.org/view.php?id=CVE-2022-31160
20 Jul 2022 — Para remediar el problema, alguien que pueda cambiar el HTML inicial puede envolver todo el contenido que no sea de entrada de la "label" en un "span" Hong Phat Ly discovered that jQuery UI did not properly manage parameters from untrusted sources, which could lead to arbitrary web script or HTML code injection. • https://blog.jqueryui.com/2022/07/jquery-ui-1-13-2-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1920 – gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header()
https://notcve.org/view.php?id=CVE-2022-1920
19 Jul 2022 — Potential for arbitrary code execution through heap overwrite. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2453 – Use After Free in gpac/gpac
https://notcve.org/view.php?id=CVE-2022-2453
19 Jul 2022 — Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/commit/dc7de8d3d604426c7a6e628d90cb9fb88e7b4c2c • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1921 – gstreamer-plugins-good: Heap-based buffer overflow in the avi demuxer when handling certain AVI files
https://notcve.org/view.php?id=CVE-2022-1921
19 Jul 2022 — Potential for arbitrary code execution through heap overwrite. • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2454 – Integer Overflow or Wraparound in gpac/gpac
https://notcve.org/view.php?id=CVE-2022-2454
19 Jul 2022 — Multiple vulnerabilities have been discovered in GPAC, the worst of which could lead to arbitrary code execution. • https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34033 – Gentoo Linux Security Advisory 202405-07
https://notcve.org/view.php?id=CVE-2022-34033
18 Jul 2022 — Se ha detectado que HTMLDoc versión v1.9.15, contiene un desbordamiento de pila por medio de (write_header) /htmldoc/htmldoc/html.cxx:273 Multiple vulnerabilities have been discovered in HTMLDOC, the worst of which can lead to arbitrary code execution. • https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e • CWE-787: Out-of-bounds Write •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23201 – Adobe RoboHelp Reflected XSS could lead to Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-23201
15 Jul 2022 — Adobe RoboHelp versions 2020.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Adobe RoboHelp versiones 2020.0.7 (y anteriores), están afectadas por una vulnerabilidad de tipo Cross-Site Scripting (XSS) reflejado. Si un atacante es capaz de convencer a una víctima de que visite una URL que haga ... • https://helpx.adobe.com/security/products/robohelp/apsb22-10.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-34230 – Adobe Acrobat Reader Use After Free could lead to Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-34230
15 Jul 2022 — Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-32.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-34221 – Adobe Acrobat Reader Type Confusion vulnerability could lead to Arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-34221
15 Jul 2022 — Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/acrobat/apsb22-32.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 1CVE-2022-35409 – Gentoo Linux Security Advisory 202301-08
https://notcve.org/view.php?id=CVE-2022-35409
15 Jul 2022 — Las configuraciones afectadas tienen MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE habilitado y MBEDTLS_SSL_IN_CONTENT_LEN menos que un umbral que depende de la configuración: 258 bytes si se utiliza mbedtls_ssl_cookie_check, y posiblemente hasta 571 bytes con una función de comprobación de cookies personalizada Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. • https://github.com/Mbed-TLS/mbedtls/releases • CWE-125: Out-of-bounds Read •